what Brad Blake, IT director at Boston Medical Center (BMC), does with security tools -- specifically, he has grown a log management tool, purchased to manage misbehaving ports, into the eyes and ears of his network.

Boston Medical Center

IT executive: Brad Blake
Role: Oversees IT infrastructure and 70 of the hospital's 140 IT staff members.
Computers: About 5,000
Project: Integrated log management device from ArcSight with McAfee IPS

He achieved this feat by pairing the log management tool -- which cost about $150,000 but saves the company $100,000 per year -- with the hospital's intrusion prevention system (IPS). Both vendors, ArcSight Inc. and McAfee Inc., helped.

"My security engineers can see an event in the McAfee IPS, right-click on it and execute an ArcSight command to shut the port off at that infected device," he said.

It was four years ago that Blake sought a solution to network problems spanning the 29-building Boston Medical Center. Over the years, networks and clients were upgraded from 10 MB to 100 MB, but if a client machine and the network were not set correctly for 100 MB, the system "autonegotiated" to the lower end of the setting, requiring a senior engineer to locate and reset the switch. An expensive fix.

"We were constantly struggling with managing ports that connect to networks, specifically the speed they were set up for," Blake said. "We started to look in the marketplace for something that was simple and easy to use for our help desk folks, so that when a call came in they could at least take a look at the two big issues we were dealing with at this time -- the speed and the duplex settings on the network cards."

"From a pure cost savings it was obviously a big win for us. Over the course of a year, I probably burnt an entire full-time network engineer," or more than $100,000, Blake said.

Log management + IPS = intelligent security

As future versions of the ArcSight Logger software were launched, Blake's team configured Logger "to walk" its entire network and map -- in Microsoft Visio diagrams -- the locations of all its equipment. Then the team configured Logger to gather the log files from the far-flung systems that IT owned and pull them into a central location.

"That gave us the ability to do searches and run reports on the information we were looking for," Blake said.

The solution, which cost approximately $150,000, gave what Blake (and ArcSight) like to call "forensics on the fly." Instead of waiting for the distress call, the logger helps anticipate problems on the network. For example, last year the ArcSight Logger resolved a spanning tree loop problem in a matter of minutes. Usually such glitches require a three-day fix.

Charles Kolodgy, research director, secure products at Framingham, Mass.-based IDC, said that in these days of diminishing IT budgets and rising security threats, taking an entrepreneurial approach to one's security architecture is becoming a necessity.

"Security ranges between 5% and 10% of your total IT budget," he said. A small company might have only a $5 million IT budget. "They'll be lucky if they spend $500,000 [on security], and the security covers a lot of product areas -- desktop security, your IPS, firewalls and antispam. There are 40 or 50 technologies you can get."

As for log management, consolidating logs in a central location for management purposes is one thing, but you also need the context of those transactions, Kolodgy said.

"The logs can be massively large. You need to be able to find correlations between them and be able to use that information in ways that can either vastly improve your security, such as helping you tune your intrusion prevention system, or possibly even tying it into your identity system," Kolodgy said.

Enterprising IT executive marries ArcSight and McAfee

That is essentially what Blake did. The Logger appliance didn't provide an easy-to-look-at view of what was going on. BMC is a McAfee shop. An admirer of the color-coded screen of his IPS system, Blake approached McAfee and ArcSight and spearheaded an integration of the two products.

"What I am trying to do is get us into a more proactive mode around our security, because it has become such a hot topic," Blake said.
